Hi!
I'm new to using Docker, Docker compose and Traefik.
Currently, I'm trying to get the dashboard to show up and a global http to https redirect working, but I'm having no luck.
I have a subdomain set up on my Domain registrar (A record) and I have a docker-compose.yml and traefik.yml file created.
docker-compose.yml :
# docker-compose.yml: runs Traefik as the edge proxy for this host
version: "3.7"

services:
  traefik:
    image: "traefik:v2.1.1"
    container_name: "e9200_traefik"
    restart: unless-stopped

    # mounts
    volumes:
      # Docker socket, so Traefik can listen for docker events.
      # NOTE(review): ":ro" only protects the socket file itself; a process that can
      # connect to the socket can still use the whole Docker API, so treat this
      # container as privileged.
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      # traefik config (read only)
      - "./traefik/traefik.yml:/traefik.yml:ro"
      # Traefik saves SSL cert data here, private keys included; keep the host file
      # at mode 600.
      - "./traefik/acme.json:/acme.json"
      # save log files here
      - "./logs:/logs"

    # web ports
    # NOTE(review): the traefik.yml shown with this file binds entry points to 80,
    # 443 and 8082 only; confirm that 8080 needs to be published at all.
    ports:
      - "80:80"
      - "443:443"
      - "8080:8080"
      - "8082:8082"

    labels:
      - "traefik.enable=true"
traefik.yml :
# traefik.yml: mounted into the container as /traefik.yml

# log info
log:
  level: DEBUG
  format: json
  filePath: "logs/traefik.log"

accessLog:
  filePath: "logs/access.log"
  bufferingSize: 256

# enable API
api:
  dashboard: true
  # NOTE(review): debug adds extra debugging endpoints to the API; switch it off
  # once the setup works.
  debug: true

# enable ping
ping:
  entryPoint: "ping"

# entry points
entryPoints:
  http:
    address: ":80"
  https:
    address: ":443"
  ping:
    address: ":8082"

# routes
# NOTE(review): routers, services and middlewares are dynamic configuration. As the
# reply in this thread explains, they have to come from a provider (a dedicated file
# read by the file provider, or Docker labels); declared here in the static file
# they are not picked up, which matches the 404 and the missing redirect.
http:
  routers:
    # redirect ALL HTTP requests to HTTPS
    http-catchall:
      rule: hostregexp( `{host:.+}` )
      service: noop
      entryPoints:
        - "http"
      middlewares:
        - "https-redirect"

    # display main website
    main:
      rule: Host( `site.net` )
      middlewares:
        - "retry-con"

    # traefik API / dashboard
    api:
      rule: Host( `traefik.site.net` )
      service: api@internal
      middlewares:
        - "retry-con"
        - "api-auth"

  services:
    noop:
      loadBalancer:
        servers:
          - url: 'http://127.0.0.1'

  middlewares:
    # retry connection 3 times
    retry-con:
      retry:
        attempts: 3

    # redirect HTTP to HTTPS
    https-redirect:
      redirectScheme:
        scheme: "https"

    # guard API routes
    # "admin:salt+hash" is a placeholder for a real "user:hashed-password" entry
    api-auth:
      basicAuth:
        users:
          - "admin:salt+hash"

# automatic SSL
certificatesResolvers:
  http:
    acme:
      email: "admin@site.net"
      storage: "acme.json"
      httpChallenge:
        entryPoint: "http"

# docker config
providers:
  docker:
    endpoint: "unix:///var/run/docker.sock"
    watch: true
    # containers are only routed when they carry traefik.enable=true
    exposedByDefault: false
Am I misunderstanding dynamic configs, etc.? I assume I don't have to use labels everywhere and can just place all my routes and middlewares inside the traefik.yml file. Or does Docker require labels for all my middlewares? It seems kind of silly to type all my middleware rules twice, no?
When I go to my website, I get a 404 when trying to access the dashboard, and the HTTPS redirects are missing. Any help would be greatly appreciated, thanks!
ldez
December 16, 2019, 8:52am
2
Hello,
To use the file provider (dynamic configuration written in a file) you have to enable the provider and you have to create a dedicated file.
# docker-compose.yml: Traefik with a mounted directory for the file provider
version: "3.7"

services:
  traefik:
    image: "traefik:v2.1.1"
    container_name: "e9200_traefik"
    restart: unless-stopped

    # mounts
    volumes:
      # Docker socket, so Traefik can listen for docker events.
      # NOTE(review): ":ro" only protects the socket file itself; a process that can
      # connect to the socket can still use the whole Docker API.
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      # traefik static config (read only)
      - "./traefik/traefik.yml:/traefik.yml:ro"
      # traefik dynamic config
      # NOTE(review): mounted read-write here while the static config is ":ro";
      # presumably this one could be read-only as well. Verify before changing.
      - "./traefik/config/:/config/"
      # Traefik saves SSL cert data here, private keys included; keep the host file
      # at mode 600.
      - "./traefik/acme.json:/acme.json"
      # save log files here
      - "./logs:/logs"

    # web ports
    # NOTE(review): the static config shown with this file binds entry points to
    # 80, 443 and 8082 only; confirm that 8080 needs to be published at all.
    ports:
      - "80:80"
      - "443:443"
      - "8080:8080"
      - "8082:8082"
traefik.yml:
# traefik.yml: static configuration (entry points, providers, API, logging)

# log info
log:
  level: DEBUG
  format: json
  filePath: "logs/traefik.log"

accessLog:
  filePath: "logs/access.log"
  bufferingSize: 256

# enable API
api:
  dashboard: true

# enable ping
ping:
  entryPoint: "ping"

# entry points
entryPoints:
  http:
    address: ":80"
  https:
    address: ":443"
  ping:
    address: ":8082"

# automatic SSL
# The resolver is named "http"; the "http" under httpChallenge is the entry point
# of that name, declared above on port 80.
certificatesResolvers:
  http:
    acme:
      email: "admin@site.net"
      storage: "acme.json"
      httpChallenge:
        entryPoint: "http"

providers:
  # docker config
  docker:
    endpoint: "unix:///var/run/docker.sock"
    watch: true
    # containers are only routed when they carry traefik.enable=true
    exposedByDefault: false

  # file provider: reads the dynamic configuration from the mounted /config directory
  file:
    directory: /config
/config/config.yml:
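# /config/config.yml: dynamic configuration, read by the file provider
# routes
http:
  routers:
    # redirect ALL HTTP requests to HTTPS
    http-catchall:
      rule: hostregexp( `{host:.+}` )
      service: noop
      entryPoints:
        - "http"
      middlewares:
        - "https-redirect"

    # display main website
    # main:
    #   rule: Host( `site.net` )
    #   middlewares:
    #     - "retry-con"

    # traefik API / dashboard
    api:
      rule: Host( `traefik.site.net` )
      service: api@internal
      # Attach the dashboard to the TLS entry point only. A router without
      # entryPoints listens on every entry point, plain-HTTP port 80 included,
      # where the basic-auth credentials would travel unencrypted.
      entryPoints:
        - "https"
      # A router only answers HTTPS requests when it has a tls section. "http" is
      # the certificatesResolvers name declared in traefik.yml; without this
      # reference no certificate is requested for the host.
      tls:
        certResolver: "http"
      middlewares:
        - "retry-con"
        - "api-auth"

  services:
    # placeholder target for the catch-all router, which only ever redirects
    noop:
      loadBalancer:
        servers:
          - url: 'http://127.0.0.1'

  middlewares:
    # retry connection 3 times
    retry-con:
      retry:
        attempts: 3

    # redirect HTTP to HTTPS
    https-redirect:
      redirectScheme:
        scheme: "https"

    # guard API routes
    # "admin:salt+hash" is a placeholder: each entry is "user:hashed-password" as
    # produced by htpasswd (bcrypt preferred). Never put a plain-text password here.
    api-auth:
      basicAuth:
        users:
          - "admin:salt+hash"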
ldez
December 16, 2019, 8:59am
3
I also recommend using labels instead of a file:
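# docker-compose.yml: Traefik configured through Docker labels (no file provider)
version: "3.7"

services:
  traefik:
    image: "traefik:v2.1.1"
    container_name: "e9200_traefik"
    restart: unless-stopped

    # mounts
    volumes:
      # Docker socket, so Traefik can listen for docker events.
      # NOTE(review): ":ro" only protects the socket file itself; a process that can
      # connect to the socket can still use the whole Docker API.
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      # traefik static config (read only)
      - "./traefik/traefik.yml:/traefik.yml:ro"
      # Traefik saves SSL cert data here, private keys included; keep the host file
      # at mode 600.
      - "./traefik/acme.json:/acme.json"
      # save log files here
      - "./logs:/logs"

    # web ports
    # NOTE(review): the static config binds entry points to 80, 443 and 8082 only;
    # confirm that 8080 needs to be published at all.
    ports:
      - "80:80"
      - "443:443"
      - "8080:8080"
      - "8082:8082"

    # Label values are quoted: Compose rejects a bare YAML boolean as a label value.
    labels:
      traefik.enable: "true"

      # redirect ALL HTTP requests to HTTPS
      traefik.http.routers.http-catchall.rule: 'hostregexp(`{host:.+}`)'
      # the static config names its port-80 entry point "http"; there is no "web"
      traefik.http.routers.http-catchall.entrypoints: "http"
      traefik.http.routers.http-catchall.middlewares: "redirect-to-https@docker"
      traefik.http.middlewares.redirect-to-https.redirectscheme.scheme: "https"

      # traefik API / dashboard
      traefik.http.routers.api.rule: 'Host( `traefik.site.net` )'
      # TLS entry point only, so the basic-auth credentials never cross plain HTTP;
      # the tls.certresolver label makes this an HTTPS router and requests the
      # certificate from the "http" resolver declared in the static config.
      traefik.http.routers.api.entrypoints: "https"
      traefik.http.routers.api.tls.certresolver: "http"
      traefik.http.routers.api.service: "api@internal"
      traefik.http.routers.api.middlewares: "retry-con,api-auth"

      ## Middlewares
      # redirect HTTP to HTTPS (same effect as redirect-to-https above; kept as given)
      traefik.http.middlewares.https-redirect.redirectScheme.scheme: "https"
      # guard API routes
      # "admin:salt+hash" is a placeholder for "user:hashed-password" (htpasswd
      # format). In a compose file every "$" of a real hash must be written "$$".
      traefik.http.middlewares.api-auth.basicAuth.users: "admin:salt+hash"
      # retry connection 3 times
      # (key fixed: it has to start with traefik.http.middlewares.<name>)
      traefik.http.middlewares.retry-con.retry.attempts: "3"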
# Static Traefik configuration for the label-based setup (same content as the
# traefik.yml listing earlier in this reply thread, without the file provider).

# log info
log:
  level: DEBUG
  format: json
  filePath: "logs/traefik.log"

accessLog:
  filePath: "logs/access.log"
  bufferingSize: 256

# enable API
api:
  dashboard: true

# enable ping
ping:
  entryPoint: "ping"

# entry points
entryPoints:
  http:
    address: ":80"
  https:
    address: ":443"
  ping:
    address: ":8082"

# automatic SSL
# The resolver is named "http"; the "http" under httpChallenge is the entry point
# of that name, declared above on port 80.
certificatesResolvers:
  http:
    acme:
      email: "admin@site.net"
      storage: "acme.json"
      httpChallenge:
        entryPoint: "http"

providers:
  # docker config
  docker:
    endpoint: "unix:///var/run/docker.sock"
    watch: true
    # containers are only routed when they carry traefik.enable=true
    exposedByDefault: false
thank you for the guidance! i realize i can't mix configuration types, i will stick to labels for now. all is working now!
Also, do you have any info about the @docker config stuff?
ldez
December 16, 2019, 9:12am
6
The provider namespaces (@docker, @file, ...) can be used, for example, when you want a router from one provider to reference a service from another provider.
In most cases, you don't need that.